document/文档/linux/nginx.md

# Nginx

## 常用命令
```sh
# 启动 Nginx 服务
sudo systemctl start nginx
# 关闭
sudo systemctl stop nginx
# 重启
sudo systemctl restart nginx
# 重新加载 Nginx 以应用更改
sudo systemctl reload nginx

# 默认目录
cd  /var/www/
# 配置文件
cd /etc/nginx/
/etc/nginx/nginx.conf

#测试 Nginx 配置是否正确
sudo nginx -t

```

## 在 Ubuntu 22.04 上安装和配置 Nginx

### 安装
```sh
#首先，确保您的软件包索引是最新的：
sudo apt update
#步骤 2：安装 Nginx
sudo apt install nginx
#步骤 3：启动 Nginx 服务
sudo systemctl start nginx
#步骤 4：使 Nginx 服务开机自启
sudo systemctl enable nginx
#步骤 5：检查 Nginx 状态
sudo systemctl status nginx
#步骤 6：配置防火墙
sudo ufw allow 'Nginx Full'

```

###  配置ssh
常见的存放路径是 /etc/nginx/ssl/
```sh
sudo mkdir -p /etc/nginx/ssl
sudo cp /path/to/your/example.com.crt /etc/nginx/ssl/
sudo cp /path/to/your/example.com.key /etc/nginx/ssl/

```
```sh
server {
    listen 443 ssl;
    server_name api.zpc-xy.com;

    ssl_certificate /etc/nginx/ssl/api.zpc-xy.com_nginx/api.zpc-xy.com_bundle.crt;
    ssl_certificate_key ssl/api.zpc-xy.com_nginx/api.zpc-xy.com.key;

    # ssl_protocols TLSv1.2 TLSv1.3; # 仅使用 TLS 1.2 和 1.3
    # ssl_ciphers HIGH:!aNULL:!MD5;  # 配置强密码套件

    # location / {
    #     proxy_pass http://localhost:3000; # 例如，如果你有一个后端应用运行在端口3000
    #     proxy_set_header Host $host;
    #     proxy_set_header X-Real-IP $remote_addr;
    #     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #     proxy_set_header X-Forwarded-Proto $scheme;
    # }
}
```
 ### 配置文件
```bash
# 基础配置
server {
    listen 80;
    server_name example.com www.example.com;
 
    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    	# 添加虚拟目录映射
		location /output/ {
			# alias /disk/ai_sports/DataGateway/output/;
			# 或者使用 root 指令（视具体情况而定）
			root /disk/ai_sports/DataGateway/output/;
			
			# 可选配置：根据需要添加其他指令，如访问控制、缓存策略等
			 autoindex on;  # 如果希望列出目录内容
			# expires 30d;   # 设置静态资源缓存过期时间
			# try_files $uri $uri/ =404;  # 用于处理目录索引和文件不存在的情况
		}
	}


# 代理转发
server {
	listen 82 default_server;
	listen [::]:82 default_server;
    
	#root /var/www/web;

	# Add index.php to the list if you are using PHP
	#index index.html index.htm index.nginx-debian.html;

	server_name _;

	 location / {
            proxy_pass http://192.168.195.32:8189;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        
 
}
# 代理转发,允许websocket
server {
	listen 82 default_server;
	listen [::]:82 default_server;
    
	#root /var/www/web;

	# Add index.php to the list if you are using PHP
	#index index.html index.htm index.nginx-debian.html;

	server_name _;

	
    location / {
        proxy_pass http://192.168.195.32:8189;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
        
 
}

### 添加跨域
server {
	listen 83 default_server;
	listen [::]:83 default_server;
    
	#root /var/www/web;

	# Add index.php to the list if you are using PHP
	#index index.html index.htm index.nginx-debian.html;

	server_name _;

	 location / {
            proxy_pass http://192.168.195.32:9967;
            
			proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # 添加自定义标头
          
            # 添加 CORS 标头
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';

            # 如果需要处理 OPTIONS 请求
            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Length' 0;
                add_header 'Content-Type' 'text/plain charset=UTF-8';
                return 204;
            }

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
 
}



```
 

 # 安装支持 ngx_stream 模块的 Nginx 版本：
 ```sh
sudo apt update
sudo apt install nginx-full
# 更新配置以启用 stream 模块：  nginx.conf 文件中添加 
stream {
    upstream rdp_backend {
        server windows_server_ip:3389;
    }

    server {
        listen 3389;  # 监听的端口，可以根据需要修改
        proxy_pass rdp_backend;
    }
}

## 进阶选项  nginx.conf 文件中添加 

stream {
       include /etc/nginx/stream.d/*.conf;  # 确保 stream 块包含 conf.d 目录中的配置文件
}
 #/etc/nginx/stream.d/rdp.conf
upstream rdp_backend {
    server 192.168.195.4:3389;  # 将此 IP 替换为你的 Windows 服务器 IP
}

server {
    listen 89;  # Nginx 监听的端口，可以根据需要修改
    proxy_pass rdp_backend;
}

 ```